From: Stephen Smalley <sds@tycho.nsa.gov>
To: Rongqing Li <rongqing.li@windriver.com>
Cc: netdev@vger.kernel.org, selinux@tycho.nsa.gov,
lsm <linux-security-module@vger.kernel.org>
Subject: Re: [PATCH 1/5] Define the function to write sock's security context to seq_file.
Date: Mon, 08 Aug 2011 09:25:36 -0400 [thread overview]
Message-ID: <1312809936.324.8.camel@moss-pluto> (raw)
In-Reply-To: <4E3FAD40.1020404@windriver.com>
On Mon, 2011-08-08 at 17:32 +0800, Rongqing Li wrote:
> On 08/05/2011 09:56 PM, Stephen Smalley wrote:
> > I'm not sure it is a good idea to output nothing if permission is denied
> > to the socket, as opposed to some well-defined string indicating that
> > condition. Particularly if someone later adds another field to
> > the /proc files after the context; we don't want the contents of that
> > field to be interpreted as the context if permission was denied.
> >
>
> From your review, I redesign the output information as below.
>
> when disable SELinux, print "(none)" in proc
> when enable SELinux, no error on getting security context, print the
> real security context
> when enable SELinux, there is error on getting security context, print
> "??"
>
> Do you think it is OK?
It appears that netstat presently displays a "-" if it cannot obtain the
security context or pid/program name information, so perhaps you should
follow that convention whenever you cannot obtain a security context
regardless of the particular reason. Note that your logic shouldn't be
based on whether or not SELinux is enabled/disabled per se, but rather
based on whether the security module provides security contexts, which
can be determined by checking whether the secid is set to a non-zero
value by security_sk_getsecid(). The audit system (kernel/audit*.c)
uses similar logic to decide whether or not to log task security
contexts.
--
Stephen Smalley
National Security Agency
next prev parent reply other threads:[~2011-08-08 13:25 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-08-05 8:58 [PATCH 0/5] Export the sock's security context to proc rongqing.li
2011-08-05 8:58 ` [PATCH 1/5] Define the function to write sock's security context to seq_file rongqing.li
[not found] ` <1312534686-4099-2-git-send-email-rongqing.li-CWA4WttNNZF54TAoqtyWWQ@public.gmane.org>
2011-08-05 13:32 ` Stephen Smalley
2011-08-05 13:56 ` Stephen Smalley
2011-08-08 9:32 ` Rongqing Li
2011-08-08 13:25 ` Stephen Smalley [this message]
2011-08-05 8:58 ` [PATCH 2/5] Export the raw sock's security context to proc rongqing.li
2011-08-05 13:51 ` Stephen Smalley
2011-08-05 8:58 ` [PATCH 3/5] Export the udp " rongqing.li
2011-08-05 8:58 ` [PATCH 4/5] Export the unix " rongqing.li
2011-08-05 8:58 ` [PATCH 5/5] Export the tcp " rongqing.li
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1312809936.324.8.camel@moss-pluto \
--to=sds@tycho.nsa.gov \
--cc=linux-security-module@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=rongqing.li@windriver.com \
--cc=selinux@tycho.nsa.gov \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).